A Double Assessment of Privacy Risks Aboard Top-Selling Cars-Reference-Cited by-同舟云学术

A Double Assessment of Privacy Risks Aboard Top-Selling Cars

Published:2023-01-06 Issue:2 Volume:6 Page:146-163
ISSN:2096-4250
Container-title:Automotive Innovation
language:en
Short-container-title:Automot. Innov.

Author:

Bella Giampaolo,Biondi Pietro^ORCID,Tudisco Giuseppe

Abstract

AbstractThe advanced and personalised experience that modern cars offer makes them more and more data-hungry. For example, the cabin preferences of the possible drivers must be recorded and associated to some identity, while such data could be exploited to deduce sensitive information about the driver’s health. Therefore, drivers’ privacy must be taken seriously, requiring a dedicated risk assessment framework, as presented in this paper through a double assessment combining the asset-oriented ISO approach with the threat-oriented STRIDE approach. The framework is tailored to the level of specific car brand and demonstrated on the ten top-selling brands as well as, due to its innovative character, Tesla. The two approaches yield different, but complementary findings, demonstrating the additional insights gained through their parallel adoption.

Funder

Università degli Studi di Catania

Publisher

Springer Science and Business Media LLC

Subject

Automotive Engineering

Link

https://link.springer.com/content/pdf/10.1007/s42154-022-00203-2.pdf

Reference68 articles.

1. Bella, G., Biondi, P., Costantino, G., Matteucci, I., Marchetti, M.: Towards the COSCA framework for COnseptualing Secure CArs. In: Roßnagel, H., Schunck, C.H., Mödersheim, S. (eds.) Open Identity Summit 2021, pp. 37–46. Gesellschaft für Informatik e.V, Bonn (2021)

2. Bella, G., Biondi, P., Tudisco, G.: Car drivers’ privacy concerns and trust perceptions. In: Fischer-Hübner, S., Lambrinoudakis, C., Kotsis, G., Tjoa, A.M., Khalil, I. (eds.) Trust, Privacy and Security in Digital Business, pp. 143–154. Springer, Cham (2021)

3. European Union: General Data Protection Regulation (EU Regulation 2016/679) (2016). https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L:2016:119:FULL. Accessed 02 Nov 2022

4. International Organization for Standardization: ISO/IEC 27005:2018 Information technology - Security techniques - Information security risk management (2018). https://www.iso.org/standard/75281.html. Accessed 02 Nov 2022

5. Microsoft: The STRIDE Threat Model (2009). https://docs.microsoft.com/en-us/previous-versions/commerce-server/ee823878(v=cs.20). Accessed 02 Nov 2022

Cited by 9 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. AI-based anomaly identification techniques for vehicles communication protocol systems: Comprehensive investigation, research opportunities and challenges;Internet of Things;2024-10

2. Automated Vehicles and Infrastructure Enablers: Cybersecurity;2024-08-26

3. Understanding Data Breach from a Global Perspective: Incident Visualization and Data Protection Law Review;Data;2024-01-31

4. Up-to-Date Threat Modelling for Soft Privacy on Smart Cars;Lecture Notes in Computer Science;2024

5. A Systematic Approach for Automotive Privacy Management;Proceedings of the 7th ACM Computer Science in Cars Symposium;2023-12-05